home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-063.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  104 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:063
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14162);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2002-1363");
  14.  
  15.  name["english"] = "MDKSA-2004:063: libpng";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:063 (libpng).
  21.  
  22.  
  23. A buffer overflow vulnerability was discovered in libpng due to a wrong
  24. calculation of some loop offset values. This buffer overflow can lead to Denial
  25. of Service or even remote compromise.
  26. This vulnerability was initially patched in January of 2003, but it has since
  27. been noted that fixes were required in two additional places that had not been
  28. corrected with the earlier patch. This update uses an updated patch to fix all
  29. known issues.
  30. After the upgrade, all applications that use libpng should be restarted. Many
  31. applications are linked to libpng, so if you are unsure of what applications to
  32. restart, you may wish to reboot the system. Mandrakesoft encourages all users to
  33. upgrade immediately.
  34.  
  35.  
  36. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
  37. Risk factor : High";
  38.  
  39.  
  40.  
  41.  script_description(english:desc["english"]);
  42.  
  43.  summary["english"] = "Check for the version of the libpng package";
  44.  script_summary(english:summary["english"]);
  45.  
  46.  script_category(ACT_GATHER_INFO);
  47.  
  48.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  49.  family["english"] = "Mandrake Local Security Checks";
  50.  script_family(english:family["english"]);
  51.  
  52.  script_dependencies("ssh_get_info.nasl");
  53.  script_require_keys("Host/Mandrake/rpm-list");
  54.  exit(0);
  55. }
  56.  
  57. include("rpm.inc");
  58. if ( rpm_check( reference:"libpng3-1.2.5-10.3.100mdk", release:"MDK10.0", yank:"mdk") )
  59. {
  60.  security_hole(0);
  61.  exit(0);
  62. }
  63. if ( rpm_check( reference:"libpng3-devel-1.2.5-10.3.100mdk", release:"MDK10.0", yank:"mdk") )
  64. {
  65.  security_hole(0);
  66.  exit(0);
  67. }
  68. if ( rpm_check( reference:"libpng3-1.2.5-2.3.91mdk", release:"MDK9.1", yank:"mdk") )
  69. {
  70.  security_hole(0);
  71.  exit(0);
  72. }
  73. if ( rpm_check( reference:"libpng3-devel-1.2.5-2.3.91mdk", release:"MDK9.1", yank:"mdk") )
  74. {
  75.  security_hole(0);
  76.  exit(0);
  77. }
  78. if ( rpm_check( reference:"libpng3-static-devel-1.2.5-2.3.91mdk", release:"MDK9.1", yank:"mdk") )
  79. {
  80.  security_hole(0);
  81.  exit(0);
  82. }
  83. if ( rpm_check( reference:"libpng3-1.2.5-7.3.92mdk", release:"MDK9.2", yank:"mdk") )
  84. {
  85.  security_hole(0);
  86.  exit(0);
  87. }
  88. if ( rpm_check( reference:"libpng3-devel-1.2.5-7.3.92mdk", release:"MDK9.2", yank:"mdk") )
  89. {
  90.  security_hole(0);
  91.  exit(0);
  92. }
  93. if ( rpm_check( reference:"libpng3-static-devel-1.2.5-7.3.92mdk", release:"MDK9.2", yank:"mdk") )
  94. {
  95.  security_hole(0);
  96.  exit(0);
  97. }
  98. if (rpm_exists(rpm:"libpng-", release:"MDK10.0")
  99.  || rpm_exists(rpm:"libpng-", release:"MDK9.1")
  100.  || rpm_exists(rpm:"libpng-", release:"MDK9.2") )
  101. {
  102.  set_kb_item(name:"CAN-2002-1363", value:TRUE);
  103. }
  104.